General
-
Target
35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a
-
Size
276KB
-
Sample
220626-3hvv6sgfh5
-
MD5
144a8163a39cc6ab324ab6ae6e009333
-
SHA1
0088c324a6a0b9f5c57fb354689eb1bce3ae82b7
-
SHA256
35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a
-
SHA512
5aed9ed6d79fd1184684cf9224b699a0e8072e2ce15ec4608e1cf3065d41314a0e7d53a057aec9d1881bcaa5998578960500d9f3063b52196b8992fb6441675f
Static task
static1
Behavioral task
behavioral1
Sample
35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Family
netwire
-
C2
extensions14718.sytes.net:3324
extensions14718sec.sytes.net:3324
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\
-
lock_executable
false
-
mutex
AJTAsMDe
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a
-
Size
276KB
-
MD5
144a8163a39cc6ab324ab6ae6e009333
-
SHA1
0088c324a6a0b9f5c57fb354689eb1bce3ae82b7
-
SHA256
35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a
-
SHA512
5aed9ed6d79fd1184684cf9224b699a0e8072e2ce15ec4608e1cf3065d41314a0e7d53a057aec9d1881bcaa5998578960500d9f3063b52196b8992fb6441675f
-
NetWire RAT payload
-
Executes dropped EXE
-